ClawHub

X Master

Security checks across malware telemetry and agentic risk

Overview

This is a mostly transparent X/Twitter routing skill, but it gives broad credentialed X API routing authority without enough limits or approval controls.

Review before installing if you plan to connect X OAuth credentials or use xurl. Keep posting in draft-and-approve mode, require explicit approval for follower, batch, analytics, and any other state-changing API operation, and install optional sub-skills only after reviewing their permissions. Avoid using the public fxtwitter proxy for sensitive monitoring or private investigative work unless that data sharing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The document materially expands a master-routing skill into operational guidance that instructs agents to directly call an external scraping proxy. In this context, that is dangerous because it can bypass intended tool boundaries, normalize unreviewed outbound network access, and create privacy/compliance risk outside the declared routing role.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The guidance endorses an unofficial third-party proxy service for obtaining X content without clearly justifying why this belongs in a routing skill or assessing the security/privacy tradeoffs. This creates supply-chain and data-governance exposure because tweet identifiers, URLs, and usage patterns are sent to infrastructure outside the primary system boundary.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The markdown tells the agent to send tweet URLs, usernames, and tweet IDs to a third-party proxy but provides no user-facing disclosure that these inputs will be shared externally. Even if the content is public, the request metadata can reveal user interests, monitoring targets, or investigative activity, creating avoidable privacy and confidentiality concerns.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
---

### 7. Direct X API v2 calls
**Tool:** `xurl` skill (or your configured X API client)
**When:** Specific API operations — follower management, analytics, batch operations, anything not covered above
**Requires:** X OAuth configured in your environment
Confidence
80% confidence
Finding
Tool:*

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal